Security Affairs

AUGUST 1, 2023

Threat actors are targeting Italian organizations with a phishing campaign aimed at delivering a new malware called WikiLoader. WikiLoader is a new piece of malware that is employed in a phishing campaign that is targeting Italian organizations. Thus, user interaction is required to begin the malware installation.”

Malware 96

Malware Phishing Banking Hacking 96

Security Affairs

OCTOBER 12, 2020

Security experts from Cyble found alleged sensitive documents of NATO and Turkey, is it a case of cyber hacktivism or cyber espionage? The post Researchers found alleged sensitive documents of NATO and Turkey appeared first on Security Affairs. ” reads the post published by Cyble. Pierluigi Paganini.

Advertising 135

Advertising Manufacturing Hacking Cyber Attacks 135

Security Affairs

SEPTEMBER 29, 2022

The Russia-linked APT28 group is using mouse movement in decoy Microsoft PowerPoint documents to distribute malware. The Russia-linked APT28 employed a technique relying on mouse movement in decoy Microsoft PowerPoint documents to deploy malware, researchers from Cluster25 reported. Microsoft[.]com, Pierluigi Paganini.

Malware 123

Malware Government Hacking Information Security 123

Security Affairs

DECEMBER 29, 2023

Ukraine’s CERT (CERT-UA) warned of a new phishing campaign by the APT28 group to deploy previously undocumented malware strains. The group employed previously undetected malware such as OCEANMAP, MASEPIE, and STEELHOOK to steal sensitive information from target networks. file classified as MASEPIE.

Phishing 124

Phishing Malware Computers and Electronics Internet 124

Security Affairs

JUNE 27, 2022

The Governmental Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a malware campaign targeting Ukrainian telecommunications operators with the DarkCrystal RAT. ” The RAR archive analyzed by the Ukrainian CERT-UA contains the document “Algorithm_LegalAid.xlsm.” Pierluigi Paganini.

Telecommunications 128

Telecommunications Malware Media Passwords 128

Lenny Zeltser

OCTOBER 13, 2020

To guide you through the process of examining malware, REMnux documentation lists the installed tools by category. In addition to providing numerous tools as part of the REMnux distro, the project also offers several malware analysis tools as Docker images.

Malware 145

Malware Engineering Software Information Security 145

Security Affairs

FEBRUARY 24, 2021

Ukraine ‘s government attributes a cyberattack on the government document management system to a Russia-linked APT group. The Ukraine ‘s government blames a Russia-linked APT group for an attack on a government document management system, the System of Electronic Interaction of Executive Bodies (SEI EB). Pierluigi Paganini.

Government 84

Government Computers and Electronics Cyber Attacks Malware 84

Malwarebytes

FEBRUARY 12, 2024

Today on the Lock and Code podcast … If your IT and security teams think malware is bad, wait until they learn about everything else. In fact, some attacks have gone so “quiet” that they involve no malware at all. But not every organization has that at hand. What, then, are IT-constrained businesses to do?

Malware 72

Malware Ransomware Antivirus Information Security 72

Security Affairs

NOVEMBER 9, 2022

Experts noticed that the Amadey malware is being used to deploy LockBit 3.0 Researchers from AhnLab Security Emergency Response Center (ASEC) reported that the Amadey malware is being used to deploy LockBit 3.0 ” reads the report published by the security firm. The malicious Microsoft Word document (“ ???.docx

Malware 94

Malware Ransomware Cybercrime Phishing 94

Security Affairs

DECEMBER 4, 2022

The North Korea-linked Lazarus APT spreads fake cryptocurrency apps under the fake brand BloxHolder to install the AppleJeus malware. Volexity researchers warn of a new malware campaign conducted by the North Korea-linked Lazarus APT against cryptocurrency users. ” reads the report published by Volexity.

Cryptocurrency 95

Cryptocurrency Malware Hacking Information Security 95

Security Affairs

DECEMBER 23, 2021

Crooks discovered how to bypass the patch for a recent Microsoft Office vulnerability (CVE-2021-40444) and are using it to distribute Formbook malware. The bad news is that threat actors are using it to distribute the Formbook malware. The CVE-2021-40444 is a remote code execution security flaw that affected the MSHTML file format.

Malware 140

Malware Hacking Ransomware Cybercrime 140

Lenny Zeltser

JANUARY 6, 2021

Malware analysis sits at the intersection of incident response, forensics, system and network administration, security monitoring, and software engineering. As someone who’s helped thousands of security professionals learn how to analyze malware at SANS Institute , I have a few tips for how you can get started.

Malware 145

Malware Software Engineering Information Security 145

Security Affairs

JANUARY 17, 2021

The European Medicines Agency (EMA) revealed Friday that COVID-19 vaccine documents stolen from its servers have been manipulated before the leak. The European Medicines Agency (EMA) declared that COVID-19 vaccine documents stolen from its servers in a recent cyber attack have been manipulated. Pierluigi Paganini.

Cyber Attacks 105

Cyber Attacks Hacking Government Data breaches 105

Security Affairs

JANUARY 7, 2023

Cyber researchers warn of a modified Zoom app that was used by threat actors in a phishing campaign to deliver the IcedID Malware. Cyble researchers recently uncovered a phishing campaign targeting users of the popular video conferencing and online meeting platform Zoom to deliver the IcedID malware. ” concludes the report.

Malware 93

Malware Phishing Banking Hacking 93

Security Affairs

MARCH 27, 2023

A new MacStealer macOS malware allows operators to steal iCloud Keychain data and passwords from infected systems. Uptycs researchers team discovered a new macOS information stealer, called MacStealer, which allows operators to steal iCloud Keychain data and passwords from infected systems.

Cybercrime 95

Cybercrime Malware Passwords Advertising 95

Security Affairs

FEBRUARY 22, 2021

Researchers spotted a new Office malware builder, tracked as APOMacroSploit, that was employed in a campaign targeting more than 80 customers worldwide. Researchers from security firm Check Point uncovered a new Office malware builder called APOMacroSploit, which was employed in attacks that targeted more than 80 customers worldwide.

Malware 119

Malware Antivirus Phishing Cryptocurrency 119

Security Affairs

FEBRUARY 13, 2023

Alleged Russian threat actors have been targeting cryptocurrency users in Eastern Europe with Enigma info-stealing malware. A malware campaign conducted by alleged Russian threat actors has been targeting users in Eastern European in the crypto industry. ” reads the analysis published by Trend Micro. ” continues the report.

Cryptocurrency 87

Cryptocurrency Malware Media Phishing 87

Security Affairs

JULY 31, 2022

The researchers discovered over a dozen Android Apps on Google Play Store, collectively dubbed DawDropper, that were dropping Banking malware. The DawDropper apps are masqueraded as productivity and utility apps such as document scanners, VPN services, QR code readers, and call recorders. . ” concludes the report.

Banking 121

Banking Malware VPN Hacking 121

Krebs on Security

APRIL 20, 2023

Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Mandiant found the compromised 3CX software would download malware that sought out new instructions by consulting encrypted icon files hosted on GitHub. Image: Mandiant.

Malware 276

Malware Software Technology Accountability 276

Security Affairs

JULY 21, 2022

A threat actor tracked as TA4563 is using EvilNum malware to target European financial and investment entities. A threat actor, tracked as TA4563, leverages the EvilNum malware to target European financial and investment entities, Proofpoint reported. “EvilNum malware and the TA4563 group poses a risk to financial organizations.

Malware 86

Malware Cryptocurrency Hacking Risk 86

Security Affairs

SEPTEMBER 19, 2023

China-linked threat actor Earth Lusca used a new Linux malware dubbed SprySOCKS in a recent cyber espionage campaign. The experts noticed that the threat actors have rewritten many functions of the malware to run on Linux systems. Additional analysis led to the discovery of a previously unknown Linux backdoor tracked as SprySOCKS.

Malware 109

Malware Encryption Telecommunications Authentication 109

Security Affairs

APRIL 18, 2021

Experts warn of malware campaigns delivering the BazarLoader malware abusing popular collaboration tools like Slack and BaseCamp. Since January, researchers observed malware campaigns delivering the BazarLoader malware abusing popular collaboration tools like Slack and BaseCamp. exe or annualreport.exe.

Malware 113

Malware Ransomware Encryption Phishing 113

Malwarebytes

JANUARY 16, 2024

The university was notified by an undisclosed third party, who provided information to help the team find and identify the malware. Together, CWRU and the FBI were able to identify that an IP address with which the malware was communicating had also been used to access the alumni email account of a man called Phillip Durachinsky.

Malware 84

Malware Passwords Identity Theft Data collection 84

Security Affairs

JUNE 3, 2022

An “extremely sophisticated” China-linked APT tracked as LuoYu was delivering malware called WinDealer via man-on-the-side attacks. The activity of the group was first documented by TeamT5 researchers that also reported the use of three malware families: SpyDealer, Demsty and WinDealer. To nominate, please visit:?.

Malware 138

Malware Telecommunications Internet Internet 138

Security Affairs

AUGUST 21, 2022

The Donot Team threat actor, aka APT-C-35 , has added new capabilities to its Jaca Windows malware framework. Each additional executable allows to steal information from Google Chrome and/or Mozilla Firefox. In the latest attacks, the group sent messages using RTF documents that trick users into enabling macros.

Malware 98

Malware Spyware Phishing Government 98

Security Affairs

MARCH 2, 2023

Cyber criminals are targeting law firms with GootLoader and FakeUpdates (aka SocGholish) malware families. The firms were targeted as part of two distinct campaigns aimed at distributing GootLoader and FakeUpdates (aka SocGholish) malware. One campaign attempted to infect law firm employees with the GootLoader malware.

Malware 88

Malware Ransomware Engineering Internet 88

Security Affairs

FEBRUARY 13, 2021

Court documents obtained by Forbes revealed that the FBI may have a tool that allows accessing private Signal messages on iPhones. Court documents related to a recent gun-trafficking case in New York and obtained by Forbes revealed that the FBI may have a tool to access private Signal messages. ” states Forbes.

Mobile 118

Mobile Encryption Software Hacking 118

Security Affairs

DECEMBER 10, 2020

Russia-link cyberespionage APT28 leverages COVID-19 as phishing lures to deliver the Go version of their Zebrocy (or Zekapab) malware. Russia-linked APT28 is leveraging COVID-19 as phishing lures in a new wave of attacks aimed at distributing the Go version of their Zebrocy (or Zekapab) malware. ” concludes the report.

Malware 111

Malware Phishing Government Data collection 111

Security Affairs

OCTOBER 20, 2021

A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. Financially motivated threat actors are using Cookie Theft malware in phishing attacks against YouTube creators since late 2019. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Accountability 133

Accountability Malware Phishing Social Engineering 133

Security Affairs

SEPTEMBER 4, 2022

The author of the remote access trojan (RAT) CodeRAT has leaked the source code of its malware on GitHub. The development team behind the remote access trojan (RAT) CodeRAT has leaked the source code of its malware on GitHub after the. Experts believe that the malware is a surveillance software used by the Iranian government.

Malware 98

Malware Surveillance Government Hacking 98

Security Affairs

JUNE 29, 2023

North Korea-linked cyberespionage group Andariel used a previously undocumented malware called EarlyRat. Kaspersky researchers reported that the North Korea-linked APT group Andariel used a previously undocumented malware dubbed EarlyRat in attacks exploiting the Log4j Log4Shell vulnerability last year.

Malware 87

Malware Cybercrime Phishing Internet 87

Security Affairs

SEPTEMBER 29, 2022

A new multifunctional Go-based malware dubbed Chaos is targeting both Windows and Linux systems, experts warn. Researchers from Black Lotus Labs at Lumen Technologies, recently uncovered a multifunctional Go-based malware that was developed to target devices based on multiple architectures, including Windows and Linux.

Malware 93

Malware DDOS Architecture Financial Services 93

Security Affairs

JANUARY 16, 2023

Netlab 360 observed unidentified threat actors using a new backdoor based on the US CIA’s Project Hive malware suite. Researchers from Qihoo Netlab 360 reported that unidentified threat actors using a new backdoor based on the US CIA’s Project Hive malware suite. SecurityAffairs – hacking, malware).

Malware 96

Malware Encryption Authentication Hacking 96

Security Affairs

AUGUST 17, 2022

The North Korea-linked Lazarus Group has been observed targeting job seekers with macOS malware working also on Intel and M1 chipsets. The campaign targets employees working in the aerospace and military sectors and leverages decoy job offer documents. Malware is compiled for Intel and Apple Silicon and drops a PDF decoy.

Malware 90

Malware Engineering Hacking Information Security 90

Security Affairs

NOVEMBER 18, 2020

Experts from Cybereason Nocturnus uncovered an active campaign that targets users of a large e-commerce platform in Latin America with Chaes malware. Cybereason Nocturnus security researchers have identified an active campaign focused on the users of a large e-commerce platform in Latin America. SecurityAffairs – hacking, malware). .

Phishing 120

Phishing Malware Cryptocurrency Information Security 120

Security Affairs

JANUARY 12, 2022

Experts warn of a new variant of the RedLine malware that is distributed via emails as fake COVID-19 Omicron stat counter app as a lure. The malicious code can also act as a first-stage malware. Like other COVID-19 themed malspam campaigns, the infection chain starts by opening a weaponized document used as an attachment.

Malware 138

Malware Manufacturing Cryptocurrency Cybercrime 138

Malwarebytes

JANUARY 22, 2024

The group uses social engineering techniques to persuade their targets to open documents or download malware. Once a relationship has been established, the target will receive a phishing link or a document containing such a link. This backdoor is custom malware, likely developed by or for Coldriver, called Spica.

Social Engineering 93

Social Engineering Government Media DNS 93